Protocol link layer

ABSTRACT

A link is a software abstraction that represents a direct connection between two CoCo nodes. The link layer detects the presence of neighboring devices and establishes links to them. A protocol abstraction layer converts data frames that arrive on network interfaces into packet objects used by the COCO Protocol Suite.

PRIORITY CLAIM

This application is a Continuation of U.S. Utility application entitled“PROTOCOL LINK LAYER,” having application Ser. No. 13/587,661, filedAug. 16, 2012, which is a Continuation of U.S. Utility applicationentitled “PROTOCOL LINK LAYER,” having application Ser. No. 13/398,751,filed on Feb. 16, 2012, which is a Continuation of U.S. Utilityapplication entitled “PROTOCOL LINK LAYER,” having application Ser. No.12/278,145, filed on Aug. 1, 2008, and completed on May 18, 2009, whichis a U.S. National Stage application of International Application No.PCT/US07/61487, entitled “PROTOCOL LINK LAYER,” filed Feb. 1, 2007,which claims the benefit of U.S. Provisional application, entitled“PROTOCOL LINK LAYER” having Application Ser. No. 60/763,959, filed Feb.1, 2006, which is related to U.S. Provisional application entitled“PROTOCOL CIRCUIT LAYER” having Application Ser. No. 60/763,977, filedFeb. 1, 2006, and U.S. Provisional application, entitled “CONGESTIONMANAGEMENT AND LATENCY PREDICTION IN CSMA MEDIA” having Application Ser.No. 60/764,013, filed Feb. 1, 2006. Accordingly, the present applicationclaims priority to and the benefit of the filing dates of U.S.application Ser. No. 13/398,751, U.S. application Ser. No. 12/278,145,International Application No. PCT/US07/61487, Provisional ApplicationNo. 60/763,959, which are all incorporated by reference herein in theirentireties.

BACKGROUND

Computers have been networked to exchange data between them for decades.One important network, the Internet, comprises a vast number ofcomputers and computer networks interconnected through communicationchannels. The Internet is used for various reasons, including electroniccommerce, exchanging information such as electronic mail, retrievinginformation and doing research, and the like. Many standards have beenestablished for exchanging information over the Internet, such aselectronic mail, Gopher, and the World Wide Web (“WWW”). The WWW serviceallows a server computer system (ie., web server or web site) to sendgraphical web pages of information to a remote client computer system.The remote client computer system can then display the web pages. Eachresource (e.g., computer or web page) of the WWW is uniquelyidentifiable by a Uniform Resource Locator (“URL”). To view a specificweb page, a client computer system specifies the URL for that web pagein a request (e.g., a HyperText Transfer Protocol (“HTTP”) request). Therequest is forwarded to the web server that supports that web page. Whenthat web server receives the request, it sends the requested web page tothe client computer system. When the client computer system receivesthat web page, it typically displays the web page using a browser. Abrowser is typically a special purpose application program forrequesting and displaying web pages.

Currently, web pages are often defined using HyperText Markup Language(“HTML”). HTML provides a standard set of tags that define how a webpage is to be displayed. When a user makes a request to the browser todisplay a web page, the browser sends the request to the server computersystem to transfer to the client computer system an HTML document thatdefines the web page. When the requested HTML document is received bythe client computer system, the browser displays the web page as definedby the HTML document. The HTML document contains various tags thatcontrol the display of text, graphics, controls, and other features. TheHTML document may contain URLs of other web pages available on thatserver computer system or on other server computer systems.

New protocols exist, such as Extensible Mark-up Language (“XML”) andWireless Access Protocol (“WAP”). XML provides greater flexibility overHTML. WAP provides, among other things, the ability to view web pagesover hand-held, wireless devices, such as cell phones and portablecomputers (e.g. PDA's). All of these protocols provide easier ways toprovide information to people via various data processing devices. Manyother protocols and means for exchanging data between data processingdevices continue to develop to further aid the exchange of information.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating the relationship of the linklayer to the other layers of the CoCo Protocol Suite in someembodiments.

FIG. 2 is a block diagram illustrating the relationship of variouslayers in the CoCo Protocol Suite in various embodiments.

FIG. 3 is a block diagram illustrating a detailed view of the link layerprotocols in some embodiments.

FIG. 4 is a block diagram illustrating a CoCo protocol header in someembodiments.

FIG. 5 is a block diagram illustrating a packet format that is employedby a link setup sublayer in some embodiments.

FIG. 6 is a block diagram illustrating a link setup packet in someembodiments.

FIG. 7 is a block diagram illustrating an acknowledgement section of theLink Setup Packet in some embodiments.

FIG. 8 is a block diagram illustrating an encoding section of a linksetup packet in some embodiments.

FIG. 9 is a block diagram illustrating a public key section of a linksetup packet in some embodiments.

FIG. 10 is a flow diagram illustrating how to determine roundtrip timesand reception quality in some embodiments.

FIG. 11 is a state diagram showing link states in various embodiments.

FIG. 12 is a block diagram illustrating a link data packet in someembodiments.

FIG. 13 is a block diagram illustrating multicasting in someembodiments.

FIG. 14 is a block diagram, illustrating a destination set section of alink data packet in some embodiments.

FIG. 15 is a flow diagram illustrating a technique for folding hashvalues used in some embodiments.

FIG. 16 is a block diagram illustrating a signature field section of adata link packet in some embodiments.

FIG. 17 is a block diagram illustrating a packet information section ofa data link packet in some embodiments.

FIG. 18 is a block diagram, illustrating a fragmentation section of alink data packet in some embodiments.

FIG. 19 is a block diagram illustrating fields in an acknowledgementsection of a link data packet in some embodiments.

DETAILED DESCRIPTION

The Link Concept

A link is a software abstraction that represents a direct connectionbetween two CoCo nodes. The principle task of the link layer is todetect the presence of neighboring CoCo devices and establish links tothem.

Description of Link Layer Protocol Functionality

Link establishment employs a variation on the traditional three-wayhandshake protocol (packets containing “hello,” “hello-ack,” and“final-ack”; see [lSI]). Link establishment includes the negotiation ofan encoding method and a DiffieHellman key exchange so that allcommunication sent over the link may be cryptographically check-summed[S]. This ensures consistency of identity; that is, a node is guaranteedthat all packets received over a link came from the node with which itestablished that link.

Once a link is established, the link layer

-   -   Relays packets between the network interface layer and higher        protocol layers (the routing and circuit layers).    -   Monitors Quality of Service (QoS) statistics and is able to        report these to higher protocol layers.    -   Supports multicasting by suppressing redundant packet        transmission across a single network interface.    -   Performs fragmentation when packet sizes exceed the network        interface Maximum Transmission Unit (MTU).    -   Closes inactive links to free system resources for new link        requests.        The Link Layer in the Context of Other Protocol Layers

FIG. 1 illustrates the relationship of the link layer to the otherlayers of the CoCo Protocol Suite. The CoCo Protocol Suite layers areshown with italic font in FIG. 1.

More details about the routing layer, circuit layer, and naming systemlayer may be found, respectively, in commonly owned U.S. patentapplication Ser. No. 12/160,597 (hereinafter referred to as “[BLMS]”),commonly owned U.S. patent application Ser. No. 12/278,144 (hereinafterreferred to as “[BMV]”), and commonly owned U.S. patent application Ser.No. 12/160,599 (hereinafter referred to as “[BELM]”). The networkinterface layer is the operating system's device driver for a physicalnetwork device such as an Ethernet card.

Components of the Link Layer

FIG. 2 is a block diagram illustrating the relationship of variouslayers in the CoCo Protocol Suite. The link layer connects to thenetwork interface layer and is comprised of the following components:

-   -   The Protocol Abstraction Layer (PAL), which converts the        incoming data frames that arrive on network interfaces into        packet objects used by the CoCo Protocol Suite.    -   The link setup sublayer, which establishes links with        neighboring nodes in a CoCo network.    -   The link data sublayer, which transfers data across established        links.    -   The QoS handler, which monitors the quality of links.

FIG. 3 gives a more detailed view of the link layer protocols, includingtheir interfaces. Each arrow in FIG. 3 represents a function call thatis part of the interface. An arrow from layer A to layer B indicates aprocedure or function in layer B is called from layer A. A circle at thetail of an arrow indicates a function that returns a value to thecaller.

Link Layer Interface

The link layer interface offers the following functions, which therouting and circuit layers use to determine the presence and absence oflinks, and to send and receive packets over links:

-   -   LinkUp(link)

The link layer calls LinkUp (link) to inform the circuit and routinglayers that a link has opened.

-   -   LinkDown(link)

The link layer calls LinkDown (link) to inform the circuit and routinglayers that a link has closed.

-   -   Receive(packet,link)

The link layer calls Receive (packet, link) to inform the circuit androuting layers that a packet arrived over a link.

-   -   Send(packet, link)

The circuit or routing layer calls Send (packet, link) to send a packetover a link.

-   -   GetQos(link)

The circuit or routing layer calls GetQos (link) to obtain the QoSmetrics associated with the given link.

Link Layer Packet Types

After the PAL parses the incoming data frames, it discards the networkinterface header; the data that remains is either a link setup packet ora link data packet.

-   -   Link setup packet: A link setup packet contains information        necessary to establish a link. Its packet header is the entire        link setup packet; there is no separate data portion of a link        setup packet. Link setup packets are used only within the link        layer.    -   Link data packet: In addition to actual user data (and any data        relevant to higher protocol layers), link data packets contain        extra fields to handle data packet acknowledgements, data packet        fragmentation, and a cryptographic checksum. Link data packets        are forwarded to the routing and circuit layers.        Protocol Abstraction Layer

The Protocol Abstraction Layer (PAL) of the link layer parses theincoming data frames that arrive on network interfaces (such as Ethernetor Satellite interfaces), uses that data to create a CoCo header andaddress translation table, and then discards the header of the networkinterface data frame. After the network interface header is discarded,the data that remains is either a link setup packet or a link datapacket. The link layer examines these packets and sends link setuppackets to the link setup sublayer and link data packets to the linkdata sublayer.

To summarize, the PAL:

-   -   Gets data frames from a network device or connection.    -   Constructs a CoCo header and address translation table that        capture relevant information from the network interface layer        (which is typically a device driver for a network device such as        an Ethernet card).    -   Removes and discards the network interface layer header.    -   Passes the modified packet to either the link setup sublayer or        the link data sublayer.        The CoCo Header and Address Translation Table

The CoCo header and address translation table are replacements for theheader from the network interface layer. The PAL creates them afterreceiving a packet from the network interface. When a frame arrives fromany physical network interface, the PAL reads the frame header toconstruct a CoCo header and add an entry to its address translationtable.

The address translation table exists only in memory and is used only bythe PAL. The PAL extracts the source address from the frame header andassociates it with the universal node identifier (UNI) of the sourcenode, storing the association in an address translation table. Anaddress translation table is created for each type of physical transportused by the node. The UNI is then used throughout the CoCo Protocol; theaddress translation table may be needed only when data is sent to thenetwork interface layer. (See [BLMS] for more information about UNIs.)

The format of the CoCo header is uniform—it is the same regardless ofwhich interface type the packet arrived on. The CoCo header is stored inmemory and is available to higher protocol layers; its structure isshown in FIG. 4, with the bit size of each field given in parentheses.

The Type field describes the type of packet that follows the CoCoheader—either a link setup packet or a link data packet. The Encryptfield describes whether or not the packet is encrypted. Since encryptionmay not happen until after a link has been established, all link setuppackets are unencrypted; all broadcast packets are also unencryptedbecause of the difficulty of encrypting a message that would bedecrypted by multiple nodes. The Packet Size field is the size in bytesof the entire packet that follows the CoCo header.

CoCo nodes also send the CoCo header over the physical network interfaceto act as a check on the packet integrity. After the PAL composes theCoCo header in the usual manner, the results are checked against theCoCo header that was sent over the wire; if they do not match, thepacket is discarded.

Transports that the PAL Supports

The PAL supports numerous network interface formats, including:

-   -   Ethernet (IEEE 802.3)    -   Token-ring (IEEE 802.5)    -   Wi-Fi (IEEE 802.11)    -   Synchronous Optical Network (SONET)    -   Asynchronous Transfer Mode (ATM)    -   Satellite

Because other transport technologies use the network interface formatslisted previously, the link layer also supports:

-   -   Internet Protocol (IP)    -   Transmission Control Protocol (TCP)    -   User Datagram Protocol (UDP)    -   Global System for Mobile Communications (GSM) and Code Division        Multiple Access (CDMA)    -   Cellular Digital Packet Data (CDPD)    -   General Packet Radio Service (GPRS), and 1×RTT

The PAL can be easily extended to support other formats because of itsmodular design.

Link Setup Sublayer

The link setup sublayer performs the following functions:

-   -   Discovers the presence and maintains awareness of other nodes    -   Establishes links to nodes within range    -   Establishes a Diffie-Hellman key for each link    -   Establishes an encoding method for each link    -   Computes and verifies work tokens to resist denial-of-service        attacks    -   Monitors round-trip times for each link    -   Determines when links are inactive and closes them

The link setup sublayer uses an iterative, two-phase process for nodesto exchange information to accomplish the preceding functions.

Link Setup Packet

The link setup sublayer uses a single packet format, as is illustratedin FIG. 5, that is referred to as a link setup packet.

The link setup packet provides a mechanism for a node to announce itspresence and identity to other nodes, and to simultaneously inform othernodes that it has heard such announcements from them. Therefore, in somecontexts the link setup packet acts as a hello packet, and in othercontexts it acts as an acknowledgement, or ack packet.

To facilitate the dynamic addition and deletion of nodes on the network,each node broadcasts a link setup packet at fixed time intervals. Thisalso makes it possible for the link setup packet to serve as both ahello and an ack in the same packet. This fixed time interval is calledthe hello interval and is typically one second. Acknowledgements arepiggybacked onto outgoing hello packets. Each node maintains a set ofnodes called the ack-set from which it has received a hello within afixed time interval called the ack-interval, approximately 5-10 seconds.

The ack-interval is a link timeout parameter; if a node A does notreceive any hello packets from node B for ack-interval or longer, itdrops B from its ack-set and no longer acknowledges B in its outgoinghello messages.

To prevent security attacks from packet floods, each node computes awork token that is included in every link setup packet. A work token isvalid for an amount of time called the work token validity interval(WTVI), which is typically a length of time greater than the hellointerval but less than the ack-interval. When a work token expires(based on the WTVI), a new work token should be computed by the nodebefore sending out its next link setup packet.

A fourth time interval used by the link layer is the Diffie-Hellmancache interval (DHCI), which should be greater than the WTVI and shouldalso be longer than the ack-interval. The DHCI is the length of timethat a node A keeps a cached version of the Diffie-Hellman key it usesto communicate with node B. Because computing the Diffie-Hellman key isresource intensive, it is useful to keep a cached version of the keyeven after the link has been dropped, in case node B tries tore-establish its link to node A. If node A does not receive a link setuppacket from node B within the DHCI, node A purges its cached copy of thekey.

The link setup packet—separated by section—is shown in FIG. 5, wheredashed lines indicate sections of the packet that can be repeated, andnumbers in parentheses indicated the bit-size of each field.

The link setup packet contains the following sections:

-   -   Link establishment fields    -   A set of acknowledgments and associated fields (the ack-set)    -   A list of supported encodings    -   The public key of the node        Link Establishment Section of the Link Setup Packet

The initial fixed-length portion of the link setup packet, illustratedin FIG. 6, is comprised of the following fields:

Work Token (128) The random number that is used for work tokenvalidation, as described in the “Work Token” section. This helps preventdenial-of-service attacks. A work token is valid only for a length oftime determined by the work token validity interval, after which a newwork token should be computed.

TimeStamp (64) The time (using ustime data format) at which the worktoken was computed. This field is updated every work token validityinterval, rather than at every hello interval.

UNI (64) The universal node identifier (UNI) that uniquely identifiesthis CoCo node. It is an unranked UNI; see [BLMS] for more information.

HelloNum (32) A sequence number that increments with every link setuppacket sent by this CoCo node. Link setup packets are broadcast atregular intervals called the hello interval.

NumAcks (16) The number of acknowledgements that are piggybacked ontothis packet.

NumEncodings (16) The number of encodings that the sending CoCo nodesupports.

Acknowledgement Section of the Link Setup Packet

FIG. 7 is a block diagram illustrating an acknowledgement section of theLink Setup Packet in some embodiments.

This set of fields contains the acknowledgement of the receipt of linksetup packets from another CoCo node. These acknowledgements arepiggybacked onto the link establishment section of the link setuppacket. There can be several acknowledgements in a single link setuppacket, each acknowledging the receipt of a link setup packet from adifferent CoCo node. The number of acknowledgements in a link setuppacket is given by the NumAcks field of the link establishment section(see FIG. 6). Each acknowledgement is comprised of the following set offields:

Node Acked (64) The universal node identifier (UNI) of the node beingacknowledged.

HelloNum Last Heard (32) The HelloNum of the last packet received fromnode being acknowledged.

Hold Time (32) The time elapsed since the arrival of the last packetfrom the node being acknowledged; see FIG. 10.

Ack Signature (64) A hash of the Diffie-Hellman key negotiated betweenthis CoCo node and the CoCo node of the packet being acknowledged, usedto prevent spoofing of acks. The hash function that is used isnegotiated by that pair of nodes as explained in the “Encoding andSecurity” section below.

Encoding Section of the Link Setup Packet

FIG. 8 is a block diagram illustrating an encoding section of a linksetup packet. This section comprises a sequence of Encoding fields, onefor each pair of encryption/hash encoding methods that the source nodesupports. The number of Encoding fields in a link setup packet is givenby the NumEncodings field of the link establishment section (see FIG.6). Each Encoding field is comprised of the following subfields:

Encryption (4) A 4-bit identifier for the encryption method to be usedwith its associated Hash as an encoding pair. Encryption methodscurrently supported are RC4, DES, 3DES, Blowfish, and AES.

Hash (4) A 4-bit identifier for the hashing method to be used with itsassociated Encryption as an encoding pair. The hashing methods currentlysupported are MD5, SHA1, and RIPEMD.

Reserved (8) Reserved for future use.

Public Key Section of the Link Setup Packet

FIG. 9 is a block diagram illustrating a public key section of a linksetup packet.

PublicKey Size (16) The size, in bytes, of the Public Key field.

Public Key (variable; commonly 512) The public key used for theDiffie-Hellman key exchange; see the “Encoding and Security” section.

Determining Roundtrip Times and Reception Quality

FIG. 10 is a flow diagram illustrating how to determine roundtrip timesand reception quality.

The link setup sublayer enables each node to determine:

-   -   Roundtrip times to every other node.    -   The quality of the signals from other nodes.    -   The quality of its own signal, as perceived by other nodes.

For a node A to compute the roundtrip time to a node B, node A notes thetime elapsed between the time it sends a setup packet to node B and thetime it receives a link setup packet from node B acknowledging setup(checking that the value of hello-num is the same), and then subtractsthe hold time that appears in that acknowledgement.

In addition to roundtrip time computation, the link setup layer candetermine signal quality based on the percentage of link setup packetsthat it sends which are later acknowledged. For example, if node Breceives hello packets from node A numbered 1, 2, 3, 4, . . . then itknows that it has a strong signal from node A. On the other hand, ifnode B receives hello packets from node A numbered 4, 9, 15, 23, . . .then it knows that the signal from node A is relatively weak. Similarly,if node A receives acknowledgements from node B and A's hello packetscontain gaps in the numbered sequence, (for example, 5, 11, 17, 21, . .. ) then node A knows that the signal from node B is weak, its signal tonode B is weak, or both.

Encoding and Security

The encoding and security of the link layer relies upon a Diffie-Hellmankey exchange between nodes, as well as the exchange of work tokens toprevent denial-of-service attacks.

Work Tokens

A rogue node could mount denial-of-service attacks against a network by:

-   -   Flooding nodes within its range with link setup requests.    -   Simulating the existence of a multitude of fake nodes.

These actions constitute an attack since nodes that receive link setuprequests should perform a Diffie-Hellman key-exchange computation, whichis resource intensive (approximately one millisecond on a 400 MHz XScaleprocessor). In the presence of a large number of malicious establishmentrequests, link establishment requests from legitimate nodes may bedelayed or denied altogether due to timeouts.

Therefore, the link setup protocol uses a mechanism called a work tokento force nodes attempting to establish a link to perform a nontrivialcomputation. This makes such denial-of-service attacks more costly forthe attacker, lessening their likelihood or preventing them altogether,depending on the attacker's computational resources.

Because of these considerations, validating a work token precedes theDiffie-Hellman computation. If the work token is invalid, the node maynot devote time computing a Diffie-Hellman key, which is a much moreexpensive computation than the work token verification.

Before node A can send a link setup packet to node B, node A shouldcompute a valid work token, W, which it places in the work token fieldof its link setup packet (see FIG. 6).

This timestamp T is also included in the link setup packet (see FIG. 6).Upon receipt of the link setup packet, node B uses the timestamp todetermine whether the work token has expired (and is therefore invalid).

Work Token Algorithms

In the following work token algorithms, the function h is a global hashfunction set within the protocol source code that is used by all CoConodes. The outputs of h are distributed uniformly across its range [0,MAX].

The value r in Step 3.b of the following algorithms is chosen to besmall relative to MAX. This value r is set at the time of networkprovisioning and can be chosen for a particular deployment as a way ofcalibrating the tradeoff between security and efficiency of thisprotocol. This is because Step 3.b succeeds probabilistically with MAX/rexpected iterations, since the outputs of h are uniformly distributedover its range.

The notation (Z, Y) used in the following algorithms indicates stringconcatenation of the binary representations of Z and Y.

Work Token Computation

Node A should ensure that all link setup packets it sends out contain avalid work token. If the time difference between the current time andthe timestamp, T, of its most recently-sent packet is less than the worktoken validity interval, node A resends its most recent packet.Otherwise, the previously-sent work token is now invalid and should berecomputed by performing the following steps:

-   -   1. Node A identifies itself by setting the UNI field of its link        setup packet (see FIG. 6) to its name, N.    -   2. Node A sets the TimeStamp field of its link setup packet to        the current time, T.    -   3. Node A then        -   a. Chooses a 128-bit random number, X        -   b. Tests to see if c=h(X,T,N,X)<r. (The comma represents the            concatenation operation.)        -   c. Repeats Steps 3.a and 3.b until it finds an X such that            the resulting c is indeed less than r.    -   4. Node A sets the Work Token field of its link setup packet to        the work token, W, which is the successful value of X that was        used to complete Step 3.c.

With a new valid work token now computed, node A sends out the linksetup packet, containing the values of W, T, and N in the appropriatefields of the link establishment section of the packet.

1.1.1.1.1 Work Token Validation

When node B receives a link setup packet from node A, it should verifythat the work token is valid before continuing with its linkestablishment to node A. Because verifying the work token is much fasterthan computing the Diffie-Hellman key, overhead is reduced because notall link setup packets will contain a valid work token and resourceswill not be wasted on computing a Diffie-Hellman key for those packets.In addition, by silently ignoring all link setup packets that containinvalid work tokens, the protocol reduces the number of packets it uses,and hence the overall traffic overhead induced by the protocol is alsoreduced. Silently ignoring the failures also reduces exposure toattacks, since the less activity the protocol generates, the fewer theopportunities there are to exploit it.

Each node B maintains a cache of previously-calculated Diffie-Hellmankeys for each node A from which it has received valid link setuprequests. This ensures that node B may not need to recalculate theDiffie-Hellman key in the case where its acknowledgment to node A getslost. The cached key can also be use to quickly re-establish recentlydropped links. Node B eventually purges its cached key for node A if itreceives no link setup packets from node A for a duration of time thatexceeds the Diffie-Hellman cache interval.

To verify that the work token in the link setup packet from node A isvalid, node B performs the following:

-   -   1. Node B extracts W, T, and N from the Work Token, Time Stamp,        and UNI fields, respectively, of the link setup packet it        received from node A; see FIG. 6.    -   2. Node B checks whether the work token has expired, based on        the timestamp, T, in the link setup packet, the current time,        and the work token validity interval.        -   a. If the work token has expired, node B ignores the link            setup request because node A might be attempting a packet            flood attack or a reply attack by using previously-valid            values of W and T.        -   b. If the work token has not expired, node B continues with            the verification process.    -   3. Node B checks whether it has a cached Diffie-Hellman key from        node A.        -   a. If a cached key for node A exists, node B acknowledges            node A in the next link setup packet it sends out, setting            the Ack Signature field (see FIG. 7) to the hashed key in            its cache.        -   b. If a cached key for node A does not exist, node B            continues with the verification process.    -   4. Node B computes v=h(W,T,N,W). (The comma represents the        concatenation operation.) The value of v should be the same as        the successful value of c that was computed in Step 3.b of the        work token computation (described previously), and therefore v        should be less than r.        -   a. If v≧r, node B ignores the link setup request because            node A has not sent a valid work token and therefore might            be a rogue node.        -   b. If v<r, node A has sent a valid work token so node B            continues with the link setup process.

With a valid work token verified, node B is ready to continue with thelink setup process by acknowledging the link setup packet it receivedfrom node A.

Acknowledging a Link Setup Request

After verifying that node A sent a valid work token, node B continueswith the link setup. If node B does not already have a cached value ofthe Diffie-Hellman key for its link with node A (see Step 3 of the worktoken validation algorithm), it performs the following steps:

-   -   1. Node B computes the Diffie-Hellman key for its link with        node A. See the section “Diffie-Hellman Key Exchange” for more        information.    -   2. Node B caches the Diffie-Hellman key with the UNI that        identifies node A. Because node A regularly broadcasts its link        setup hello packet and node B acknowledges each hello it        receives from node A, it can be useful to keep a cached version        of the Diffie-Hellman key.    -   3. Node B establishes an encryption and hashing function pair        for the link. See the section “Establishing Link Encryption and        Hashing” for more information.    -   4. Node B acknowledges node A in the next link setup packet it        broadcasts, setting the Ack Signature field (see FIG. 7) to the        hashed Diffie-Hellman key it computed. This enables node A to        quickly authenticate the acknowledgement, preventing a rogue        node from spoofing acks, which would keep unused links open and        degrade performance because of all the extra acks that node A        would need to include in its link setup packets.        Diffie-Hellman Key Exchange

Because the Diffie-Hellman key exchange is a component to the securityand encoding of the link layer, this section provides a brief overviewof the process.

Nodes A and B agree on a prime number, p, and a generator, g, modulo p.(The values p and g are supplied to each device at provision time andcan be publicly known.) Node A chooses a private key a; node B chooses aprivate key β (α and β are each between 1 and p−1). CoCo nodes may besupplied with private keys at provision time, or they may choose aprivate key at startup time by any of several standard methods (see thesection “Generating Keys” in [S]). The key exchanged between the twonodes is computed as follows:

-   -   1. Node A sends node B its public key—the value P_(A)=g^(α)        (sent in the link setup hello packet from A to B in the public        key field; see FIG. 9).    -   2. Node B sends node A its public key—the value P_(B)=g^(β)        (sent in the link setup ack packet from B to A in the public key        field; see FIG. 9).    -   3. Node A computes (P_(B))^(α)=(g^(β))^(α)    -   4. Node B computes (P_(A))^(β)=(g^(α))^(β)    -   5. These two values from Steps 3 and 4 are the same, so it can        be referred to as k_(DH(AB)), or simply k if the context is        understood. This value is known to both A and B, and to no one        else, since determining α from g^(α) is computationally        infeasible (see [S]). Therefore A and B can use it as a secret        key for the encryption method they will use for all data sent        over the link between them (see “Establishing Link Encryption        and Hashing”).        Continuity of Identity after a Diffie-Hellman Key Exchange

After an exchange of link setup packets and the Diffie-Hellman keybetween nodes A and B, each node knows that the other should have had avalid private key. The key k_(DH(AB)) is then used throughout thesession in which this link is used, so there can be no man-in-the-middleattacks once a session begins. Any man-in-the-middle attack should havehappened prior to link establishment and should last for the lifetime ofthe link. The Diffie-Hellman key exchange guarantees continuity ofidentity; that is, once a node begins communicating over a link, it isguaranteed to be talking to the same node for the duration of the linksession.

Establishing Link Encryption and Hashing

Each node maintains an ordered list of encodings it supports. Eachencoding in the list represents an encryption method paired with ahashing function. When a node sends a link setup packet, it includes theencodings that appear in this list in the encoding section of the packet(refer to FIG. 5 and FIG. 8). The encodings appear in the link setuppacket in the same order they appear in its ordered list.

After node A sends a link setup (hello) packet to node B and node Bsends a link setup ack packet to node A, nodes A and B each have a listof the paired encryption methods and hash functions supported by theother, ordered by preference. Nodes A and B each perform the followingsteps to determine which of these encoding methods to use over the newlyestablished A-B link.

-   -   1. Determine whether node A or node B is the preferential        encoder (see the following section).    -   2. Pick the encoding method highest on the preferential        encoder's list that also appears on the list of the other node.        If no match is found, communication occurs over this link        unencrypted. (If security requirements demand that no data be        transmitted over an unencrypted link, the circuit used for the        data transmission will never incorporate an unencrypted link;        see [BMV] for more information.)

This link encoding selection algorithm is efficient because it requiresthe receipt of only a single packet by each participant.

Algorithm to Determine the Preferential Encoder

This algorithm is a deterministic process by which both nodes A and Bconclude by agreeing on the outcome. Nodes A and B perform thisalgorithm by comparing (P_(A)−P_(B)) modulo p and (P_(B)−P_(A)) modulop. If the former is larger, node A is the preferential encoder; if thelatter is larger, node B is the preferential encoder. Here, P_(A) andP_(B) are the Diffie-Hellman public keys of nodes A and B, respectively,and p is the prime modulo that is used to perform the Diffie-Hellmancomputation. Note that this algorithm is deterministic, so both nodes Aand B compute the same preferential encoder.

Link State

FIG. 11 is a state diagram showing possible link states.

Every node keeps a link state table, which includes an entry for eachnode it has heard from that contains:

-   -   The Diffie-Hellman key used to communicate with that node; see        the “Encoding and Security” section.    -   The last hello-num it received from that node.    -   The hello-num in the last acknowledgement it has heard from that        node.

Every node also maintains a state machine for each node it has heardfrom. The state machine on node A manages the state of its link withnode B and is called the A-B link state machine. The A-B link statemachine for node A can exist in one of four states (see FIG. 11):

-   -   Blank: node A is not aware of node B.    -   0-way: node A is aware of node B but has not received a link        setup hello from node B. (A knows of B but hasn't heard from B.)    -   1-way: node A has received a link setup hello from node B but        has not received an acknowledgment from node B. (A hears B but        doesn't know whether B hears A.)    -   2-way: node A has received a link setup hellop from node B and        has also received an acknowledgement from node B. (A hears B and        knows that B also hears A.)

Node A will send link data packets to node B only when the A-B linkstate machine is in state 2-way.

Let M be the A-B link state machine for node A. The state machine M canchange in one of the following six ways:

-   -   1. M is in state blank or 0-way and node A receives a link setup        hello packet from node B, then        -   M transitions to one of the following states:            -   State 1-way if the link setup packet from node B does                not contain an ack for node A.            -   State 2-way if the link setup packet from node B also                contains an ack for node A. (This would happen, for                example, if node A initiated the link setup with node                B).        -   Node A:            -   Validates the work token.            -   Establishes an encryption and hashing function pair for                the link.            -   Computes and caches a Diffie-Hellman key (if the key is                not already cached).            -   Adds node B to its ack-list.    -   2. If M is in state 1-way and node A receives a link setup        acknowledgement about itself from node B, then        -   M transitions to state 2-way.    -   3. If M is in state 2-way and node A does not receive an        acknowledgement about itself from node B for longer than the        ack-interval, then        -   M transitions to state 1-way.    -   4. If M is in state 1-way or 2-way and node A does not receive a        link setup hello from node B for longer than ack-interval, then        -   M transitions to state 0-way.        -   Node A removes node B from its ack-list.    -   5. If M is in state 0-way and node A's Diffie-Hellman cache        interval expires, then        -   M transitions to state blank.        -   Node A removes the Diffie-Hellman key for node B from its            cache.    -   6. In all states, node A sends at every hello-interval a link        setup packet containing an (incremented) hello-num, a time stamp        and work token, and acknowledgements for each node it has heard        from in the last ack-interval (which have entries in its link        state table).        Link Data Sublayer

The link data sublayer is responsible for getting data from one node toanother across an established link, managing data flow, monitoring QoSmeasurements such as latency and roundtrip times, and performingcompression and fragmentation.

Higher Layer Packet Types

Any packet that is not a link setup packet is treated by the link layeras data destined for higher protocol layers; in the CoCo Protocol theseinclude the routing layer, circuit layer, and naming system layer.

-   -   Clustering packets contain information related to clusters, a        recursive decomposition of CoCo nodes that permits more        efficient routing (see [BLMS]).    -   Advertising packets contain information about the cost of        reaching nodes (see [BLMS]).    -   Circuit control packets contain information about the        establishment and maintenance of circuits, which are dedicated        end-to-end communication paths (see [BMV]).        The Link Data Packet

Unlike link setup packets, link data packets contain user data. Thelength of the data is not specified in the packet header because theentire packet length is given in the CoCo header that was constructed bythe Protocol Abstraction Layer (see FIG. 4). The CoCo header for eachdata packet is stored in the node's memory so it can be easily accessedby the higher protocol levels that will use the packet data.

Before a data packet can be sent between them, a link should beestablished between nodes A and B. Therefore, nodes A and B will haveexchanged link setup packets and will have calculated a Diffie-Hellmankey k_(DH(AB)) that is specific to their link (see the “Diffie-HellmanKey Exchange” section). Nodes A and B will have also negotiated ahashing function h_(AB) and an encryption method e_(AB) that arespecific to the A-B link (see the “Establishing Link Encryption andHashing” section).

The entire data packet content is encrypted with the function e_(AB).Note that “none” is one of the encryption methods, so if both nodes Aand B agreed upon “none” as the encryption method, each of A and B knowsnot to attempt to encrypt when sending nor decrypt when receiving.

The link data packet—separated by section—is shown in FIG. 12, wheredashed lines indicate sections of the packet that can be repeated, andnumbers in parentheses indicated the field size in bits.

The link data packet contains the following sections:

-   -   Fields used when the data packet is multicast    -   A signature that serves as a secure checksum of the data packet    -   Information specific to each data packet    -   Fragmentation information so the data can be reconstructed if        the packet needs to be fragmented    -   A set of acknowledgments of received data packets    -   The average hold time of the packets being acknowledged    -   The actual data that will be either processed by the higher        protocol layers or sent to the network interface layer        Multicast Section of the Link Data Packet

FIG. 13 is a block diagram illustrating multicasting. The link layerprotocol supports multicasting. Multicast support enables non-redundanttransmission of data sent from a single source to multiple destinations,meaning only one copy of the data packet is sent across a broadcastinterface if the links from the source to the destinations share theinterface. For example, suppose node A has links to nodes B and C usingthe same wireless interface, as shown in FIG. 13. To send the samepacket to both nodes B and C, node A broadcasts the packet on theinterface only once.

For multicast messages with many recipients sharing the same broadcastlink, multicast support represents a substantial reduction of bandwidthutilization. However, since the recipients of a multicast use differentDiffie-Hellman keys for encrypting data over their links to the sourcenode, multicast data packets are not encrypted. FIG. 14 shows themulticast section of a link data packet; this section is not present inunicast data packets.

Using a Destination Set to Improve Multicast Efficiency

FIG. 14 is a block diagram illustrating a destination set section of alink data packet. Before sending a multicast packet, a node shouldidentify which nodes are the intended recipients of the broadcast data.For each intended recipient, it computes and attaches a signature to theoutgoing packet (see “Signature Section of the Link Data Packet”). Inaddition, the broadcasting node creates a 24-bit hash value from theconcatenation of the intended recipients' UNIs. This hash value is putinto the DestSetHash field of the link data packet (see FIG. 14). TheDestSetHash value provides a quick way for nodes that receive abroadcast packet to determine whether they are any of the intendedrecipients.

When a node receives a broadcast packet it compares the DestSetHashfield of the received packet against a table of previously-receivedDestSetHash values. The table cross-references the DestSetHash with theposition of that node's signature in the array of signatures that aresent with the packet. If the node is not an intended recipient, thesignature position will be 0 for that DestSetHash value, and the nodecan discard the packet.

If the DestSetHash field of the received packet is not in the table, thenode calculates its signature for the packet (see “Signature Section ofthe Link Data Packet”) and compares its signature with each of thesignatures attached to the packet (which indicate the intendedrecipients). If the node finds a match, it adds the DestSetHash valueand the signature position to its table of known DestSetHash values. Ifno signature match is found, the DestSetHash value is added to the tablewith a signature position of 0, indicating that the node is not one ofthe intended recipients for broadcast packets that contain thisDestSetHash; the node then discards the packet.

Because signatures also act as checksums for packet integrity, a packetwith incomplete data will have a different signature than that samepacket when it is complete. If such an incomplete packet arrived at anintended recipient with a new DestSetHash value, the intended recipientwould not find any matching signatures and would therefore incorrectlyconclude that this DestSetHash value indicates that this node (whichreceived the packet) is not an intended recipient. This node would thenincorrectly ignore all future broadcast packets with this DestSetHashvalue. This can be avoided by relying on checksums performed at theMedium Access Control (MAC) level, which is part of the networkinterface level, to ensure packet integrity.

Fields in the Multicast Section of the Link Data Packet

NumSigs (8) The number of signatures that appear in the packet; it is inthe range from 1 to 255. A separate signature is created for eachintended recipient of the multicast data packet (see “Signature Sectionof the Link Data Packet”). This field appears only in multicast datapackets; it is absent in unicast data packets.

DestSetHash (24) Contains a unique value created from a hash of the setof intended destination nodes. This field appears only in multicast datapackets; it is absent in unicast data packets.

Signature Section of the Link Data Packet

The signature section of the link data packet serves as a securechecksum for the packet data and also authenticates the data sender. Thesender of a data packet, node A, computes a hash of the data andDiffie-Hellman key used for the recipient—h(k, D, k)—and places it inthe Sig field of the link data packet header. When node B receives thepacket, it applies the hash function h to the string k,D,k and verifiesthat the result matches the contents of the Sig field. If the two match,node B knows that the data arrived uncorrupted with high probability(because h(k,D,k) is a checksum), and it also knows that the data shouldhave come from node A (because only A knows the value of k).

Folding the Hash Value

FIG. 15 is a flow diagram illustrating a technique for folding hashvalues. The output of the standard hash functions—for example, MD-5—is a128 bit hash value. This is collapsed into a 32-bit quantity by aprocess called folding. To fold a 128 bit hash value h₁₂₈ into a 32-bitresult h₃₂, the exclusive-or operator is applied bit-wise to the four32-bit substrings of h₁₂₈. More precisely:h ₃₂ [i]=h ₁₂₈ [i]θh ₁₂₈ [i+32]θh ₁₂₈ [i+64]θh ₁₂₈ [i+96] for each i=0 .. . 31

where θ represents the exclusive-or operator.

To see this more graphically, suppose h₁₂₈ is the string shown at thetop of FIG. 15. By realigning the four 32-bit substrings shown as astack of four 32-bit strings in FIG. 15, one can obtain a single 32-bithash value as the result of the bit-wise exclusive-or of the four bitsthat appear in each column. Although 2⁹⁶ different hash values in h₁₂₈fold into a single hash value in h₃₂, the 2³² different values of h₃₂make it difficult to spoof a node by simply guessing the hash value.

Fields in the Signature Section of the Link Data Packet

FIG. 16 is a block diagram illustrating a signature field section of adata link packet. Sig (32) Serves as a secure checksum for the data andauthenticates the data sender. Node A sets this field to the 32-bitfolded string of h(k, D, k), where h is the negotiated hash function, kis the Diffie-Hellman key for the link and D represents the data in thepacket, which follows the packet header. In this context, the commarepresents the concatenation operator. A unicast data packet has onlyone Sig field, whereas a multicast data packet can have multiple Sigfields, with the actual number of signatures given by the NumSigs fieldin the multicast section of the packet (see FIG. 14).

Packet Information Section of the Link Data Packet

Once nodes A and B establish a link with each other, packets sent from Ato B are numbered sequentially (0, 1, 2 . . . ) with a Packet ID (PID).Likewise, packets sent from B to A are also numbered sequentially, usinga separate sequence for its own PIDs.

To safeguard against reply attacks, the link layer discards packets thatarrive with a PID less than HighestPID or greater thanHighestPID+RangePID, where HighestPID is the highest value of a PID sofar received in any link data packet, and a typical constant value forRangePID is 1000. In any implementation, appropriate adjustments shouldbe made to handle “wraparound,” that is, accommodating the smoothtransition from the PID with bit pattern of all ones to the PID with bitpattern of all zeros. This is necessary to because the PID is a 32-bitunsigned integer field, so arithmetic is performed modulo 2³².Fields in the Packet Information Section of the Link Data Packet

FIG. 17 is a block diagram illustrating a packet information section ofa data link packet. PID (32) An integer that increments sequentiallywith each packet sent over the life of the link (per link, perdirection).

NumAcks (8) The number of acknowledgements of incoming packets that areincluded with this (outgoing) packet. See “Acknowledgement Section ofthe Link Data Packet” for more information.

ToS (2) Specifies the type of service for the data passed over the link.The currently supported ToS types are given in Table 1.

TABLE 1 Currently supported ToS types ToS filed (decimal) Description 0Video-audio broadcast (passive media streaming) 1 Media-streaminteractive (active voice conversation) 2 Passive data file transfer(ftp) 3 Interactive data file transfer (web browsing)

If more types are identified and considered desirable, some of the 6bits in the reserved field adjacent to the ToS field in the link datapacket header may be used.

Type (8) Describes the type of data contained in the packet, as shown inTable 2. This field is set to 0 if the packet contains onlyacknowledgements. Otherwise, this field is available for the purposes ofhigher protocol layers.

TABLE 2 Possible values for the Type field Type field (decimal) Purpose0 Acknowledgement-only packet 1 Advertisement packet (routing layer) 2Test packet (routing layer) 128 Circuit data (CDAT) packet (circuitlayer) 129 Circuit establishment (CEST) packet (circuit layer) 130Circuit close (CCLS) packet (circuit layer) 131 Circuit acknowledgement(CACK) packet (circuit layer) 132 Circuit reset (CRST) packet (circuitlayer) 133 Circuit unknown (CUNK) packet (circuit layer)

Frag (1) Set to 1 when a packet represents one of several fragments froman original data packet; otherwise set to 0. When a packet size exceedsthe network interface MTU, the link data layer breaks the data portionof the packet into fragments sufficiently small enough that whencombined with the link data header the resulting packet is within theMTU constraint. See “Fragmentation Section of the Link Data Packet” formore information.

AckCom (1) Set to 1 when there is acknowledgement compression, whichmeans that acknowledgements are 8 bits in length instead of 32 bits;otherwise set to 0. See “Acknowledgement Section of the Link DataPacket” for more information.

Res (6) Reserved for future use.

Fragmentation Section of the Link Data Packet

FIG. 18 is a block diagram illustrating a fragmentation section of alink data packet.

The link layer protocol supports a process called link packetfragmentation. When the link layer receives a packet from the circuitand routing layers, the packet may be too large for the networkinterface layer to handle. This may be due to hardware-related maximumtransmission unit (MTU) restrictions. In this case, the link layerfragments the packet it receives into smaller packets before sendingthem to the network interface. Similarly, when it receives suchfragmented packets, it reformats them to their original packetconfiguration before relaying them to the routing and circuit layers.The MTU is the largest packet size that the underlying network transporttechnology can support and varies for different technologies such asEthernet, satellite, WiFi, and wireless carrier.

All packets that contain fragments from a single higher-levelpacket—such as a circuit layer packet—contain the same PID. Thereceiving node sends an acknowledgement for this PID only afterreceiving all the fragments.

Each data packet fragment contains a offset that describes thatfragment's position within the higher-level packet. These offsets, alongwith a bit that indicates the last fragment, enable the receiver toreassemble the fragments.

The Frag field of the Packet Information section (see FIG. 17) indicateswhether the current data packet is a fragment of a larger block of data.The remaining fields related to packet fragmentation are shown in FIG.18.

Fields in the Fragmentation Section of the Link Data Packet

LastFrag (1) Set to 1 if the packet contains the last of a series offragments; otherwise set to 0.

Fragmentation Offset (31) Set to the byte offset of this fragment fromthe beginning of the original data packet.

Acknowledgement Section of the Link Data Packet

The link layer recognizes packets by using a system that attachesacknowledgements of incoming packets to outgoing packets—for as manyincoming packets as possible within time and space constraints, up to afixed limit. When an outgoing packet is ready to be sent, the link layerattaches available acknowledgements. If acknowledgements are availablebut there are no ready outgoing packets, the link layer should wait forone of two events:

-   -   A fixed time limit has elapsed    -   A fixed number of acknowledgements accumulate

Regardless of which state occurs, the link layer creates a blank packetunrelated to any active data stream, attaches the waitingacknowledgements, and sends the packet.

When acknowledgement compression is used (by setting the AckCom field ofthe Packet Information section; see FIG. 17), only the 8 lowest-orderbits are used from the PID of the packet being acknowledged. As long asthe ack is received by the sending node within the 256 most-recentpackets it has sent, the node can reliably determine which packet isbeing acknowledged.

Fields in the Acknowledgement Section of the Link Data Packet

FIG. 19 is a block diagram illustrating fields in an acknowledgementsection of a link data packet. Ack (8 or 32) Contains the PID of anincoming packet received and being acknowledged. The size of the fieldis 8 bits or 32 bits, depending on the value of the AckCom field in thePacket Information section (see FIG. 17). The number of Ack fieldspresent is given by the NumAcks field (also in the Packet Informationsection).

Average Hold Time (32) Contains the average of the hold times of each ofthe packets being acknowledged by this packet. This field is used formeasuring quality of service.

Distinguishing Multicast from Unicast

The procedure OnReceiveDataPacket ( ), outlined in the followingpsuedocode, describes how the link layer distinguishes a unicast packetfrom a multicast data packet. This processing is performed in the PAL.When a sender wants to perform a multicast, it computes a value,DestSetHash, determined by the set of the intended recipients (see“Multicast Section of the Link Data Packet” for more information aboutthe DestSetHash value). Although each node that physically receives thepacket is able to determine if it is one of the sender's intendedrecipients by scanning the signatures in the packet header, theDestSetHash value provides a way to more quickly determine whether thelocal node is an intended recipient by eliminating the need to alwaysscan through the list of signatures in the packet header.

In the procedure OnReceiveDataPacket ( ), the variable DestSetTable isan array indexed by values of DestSetHash. Each entry contains anunsigned integer value. The local node is in DestSetHash if DestSetTable[DestSetHash] is nonzero, in which case the value of DestSetTable[DestSetHash] indicates the position of the signature (in the list ofsignatures attached in the data packet header) that should match thelocal node's signature. If the value of DestSetTable [DestSetHash] iszero, the local node is not an intended recipient and it should discardthe packet.

The value of DestSetTable [DestSetHash] is defined only after the localnode receives a packet containing the value DestSetHash in theDestSetHash field of the packet. Prior to that, DestSetTable[DestSetHash] is undefined. If a sender broadcasts packets with adifferent set of intended destinations, it computes a new value ofDestSetHash for the DestSetHash field on the data packet it sends. Whenthe local node receives a multicast packet that contains a newDestSetHash value, it calculates its signature and scans for a matchamong the signatures in the packet header. The position of the matchingsignature is placed into DestSetTable [DestSetHash]; if no signaturesmatch, DestSetTable [DestSetHash] is set to zero and the packet isdiscarded.

procedure OnReceiveDataPacket (linkID) { if frame header indicatesnetwork frame is not broadcast then Process this packet normally, as aunicast packet; else // This packet is a broadcast packet. // See if thelocal node is an intended recipient: if DestSetTable[DestSetHash] isdefined then sigOffset ← DestSetTable[DestSetHash]; if sigOffset ≠ 0then // Previously determined to be an intended recipient. Processpacket using signature at sigOffset position; else // Local node is notan intended recipient. Discard the packet; else sig ← sig of a packetusing negotiated key for linkID; if sig appears in the list of sigs inthis packet then sifOffset ← offset of this sig in the packet header;DestSetTable[DestSetHash] ← sigOffset; Process this packet normally;else DestSetTable[DestSetHash] ← 0; Discard the packet; }QoS Measurements

The link layer monitors the cost of sending data across a link. Somecommon cost metrics include bandwidth, latency, jitter, reliability,congestion, and actual monetary expense (for example, a network maylease the use of a satellite link). The circuit layer uses this data toestablish circuits that satisfy user-specified QoS requirements.

-   -   getQos( )

The getQos₍ ₎ function returns a set of QoS metrics. The metricsreturned are implementation-specific.

Packet Delivery

Packets are delivered to higher protocol layers through a call toReceivePacket (see FIG. 3). If a packet has its Type field set to testpacket or advertisement (see Table 2 and the section “Packet InformationSection of the Link Data Packet”), the link data layer callsReceivePacket in the routing layer. If a packet has a type field set toone of the circuit-related packet types (see Table 2) then the link datalayer calls ReceivePacket in the circuit layer.

CONCLUSION

The link layer protocol creates and manages links, which are directconnections between pairs of CoCo nodes. The link layer detects thepresence of neighboring CoCo devices and establishes links to them. Linkestablishment includes the negotiation of an encoding method and aDiffie-Hellman key exchange so that all communications sent over thelink can be secure.

Once a link is established, the link layer relays packets between thenetwork interface layer and higher protocol layers, monitors Quality ofService (QoS) statistics and is able to report these to higher protocollayers. It supports multicasting by suppressing redundant packettransmission across a single network interface, performs fragmentationwhen packet sizes exceed the network interface Maximum Transmission Unit(MTU), and closes inactive links to free system resources for new linkrequests.

The link layer uses a Diffie-Hellman key exchange and a work tokencomputation to provide a level of security that is absent from TCP andIP. This protocol is designed specifically for mobile ad hoc networking,and is superior to TCP/IP for this purpose.

The following are possible:

1. A method for establishing links in a heterogeneous communicationsnetwork that is scalable and dynamic.

2. A method for detecting the presence of other network nodes incommunications networks.

3. A method for making links with other network nodes secure. If A and Bare two network nodes joined by a link, then when A sends a packet to B,B is guaranteed that only A could have sent it and A is guaranteed thatonly B can read it.

4. A method to prevent man-in-the-middle attacks. Once a link isestablished between two nodes A and B, no rogue node is able tointerpose itself between A and B and impersonate each to the other.Hence CoCo networks prevent so-called man-in-the-middle attacks.

5. A method to prevent denial-of-service attacks. Any node attempting toflood a network with spurious packets is forced to use significantcomputational resources. Hence CoCo networks prevent so-called denial ofservice attacks.

6. A method for monitoring the quality of links in communicationnetworks.

7. A method for using measured link quality to establish circuitssatisfying specified QoS requirements in communication networks.

8. A method for assigning uniform addresses (uniform networkidentifiers) to network nodes in heterogeneous communications networks.

9. A method for nodes to negotiate appropriate security mechanismsduring link establishment.

10. A method to support multicasting by suppressing redundant packettransmission across a single network interface.

11. A method to detect when links should be closed.

Semantic Concepts Involved

-   -   Link    -   Bandwidth    -   Latency    -   Encryption    -   Diffie-Hellman key negotiation    -   Universal Node Identifier    -   Protocol Abstraction Layer    -   Denial-of-service prevention    -   Man-in-the-middle attack prevention    -   Link setup packets    -   Round trip time computation    -   Acknowledgements    -   Multicasting    -   Unicasting    -   Link state machine

From the foregoing, it will be appreciated that specific embodiments ofthe invention have been described herein for purposes of illustration,but that various modifications may be made without deviating from thespirit and scope of the invention. Accordingly, the invention is notlimited except as by the appended claims.

The invention claimed is:
 1. A secure communication system comprising: afirst network node that is configured to establish a securecommunication link for sending packets to a second network node by:computing a work token, the work token including at least a work tokenvalidity interval that defines a period of time that the work token isvalid; and communicating from the first network node to the secondnetwork node the work token and a time stamp corresponding to a timethat the work token was computed, wherein the work token validityinterval is at least equal to a hello interval and is less than anacknowledgement interval.
 2. The system of claim 1, wherein the firstnetwork node is further configured to: transmit to the second networknode a link setup packet that includes the work token and the timestamp.
 3. The system of claim 2, wherein the first network node isfurther configured to: determine whether the work token period hasexpired based on a current time, the time that the work token wascomputed, and the work token validity interval; and if the work tokenhas expired, compute a new work token prior to communicating a new linksetup packet.
 4. The system of claim 2, wherein the link setup packetfurther includes a hello number that is a sequence number that isincremented each time the link setup packet is communicated from thefirst network node.
 5. The system of claim 2, wherein the first networknode is further configured to: receive an acknowledgement from thesecond network node, wherein the acknowledgement includes a public keyof the second network node.
 6. A secure communication system comprising:a first network node that is configured to establish a securecommunication link for sending packets to a second network node by:computing a work token, the work token including at least a work tokenvalidity interval that defines a period of time that the work token isvalid; and communicating from the first network node to the secondnetwork node the work token and a time stamp corresponding to a timethat the work token was computed; and wherein the first network node isfurther configured to transmit to the second network node a link setuppacket that includes the work token and the time stamp, and receive anacknowledgement from the second network node, wherein theacknowledgement includes a public key of the second network node, andwherein the received acknowledgement is piggybacked onto a second linksetup packet that is returned by the second network node to the firstnetwork node, and wherein the second link setup packet includes anacknowledgement number indicating the number of acknowledgements thatare piggybacked onto the second link setup packet.
 7. A securecommunication system comprising: a first network node that is configuredto establish a secure communication link for sending packets to a secondnetwork node by: computing a work token, the work token including atleast a work token validity interval that defines a period of time thatthe work token is valid; and communicating from the first network nodeto the second network node the work token and a time stamp correspondingto a time that the work token was computed; and wherein the firstnetwork node is further configured to: transmit to the second networknode a link setup packet that includes the work token and the timestamp, and receive an acknowledgement from the second network node,wherein the acknowledgement includes a public key of the second networknode, communicate a public key of the first network node to the secondnetwork node; compute a Diffie-Helman key that is valid only between thefirst network node and the second network node, wherein theDiffie-Helman key is associated with a Diffie-Helman cache interval(DHCI), wherein the DHCI defines a time interval that the Diffie-Helmankey is valid, and wherein the Diffie-Helman key is purged from memory atthe first network node upon expiration of the DHCI; and store, at thefirst network node, the computed Diffie-Hellman key.
 8. The system ofclaim 7, further comprising: receive, at the first network node, a linkdata packet with user data from the second network node; and determinethat the link data packet with user data received from the secondnetwork node is valid based upon the stored Diffie-Hellman key.
 9. Asecure communication system comprising: a first network node, configuredto establish a secure communication link for receiving packets from asecond network node, by: receiving from the second network node a worktoken and a time stamp, the work token including a work token validityinterval that defines a period of time that the work token is valid,wherein the time stamp corresponds to a time that the work token wascomputed, and wherein the work token validity interval is at least equalto a hello interval and is less than an acknowledgement interval;determining whether the work token has expired based on the time stamp,the work token validity interval, and a current time; and when the worktoken has not expired, providing to the second network node a key. 10.The system of claim 9, wherein the work token and the time stamp arereceived as part of a first link setup packet, and wherein the firstnetwork node transmits the key as part of a second link setup packet.11. The system of claim 10, wherein the first network node is furtherconfigured to: when the work token has expired, ignore the first linksetup packet, wherein no response is returned by the first network nodeto the second network node.
 12. The system of claim 9, wherein the firstnetwork node is further configured to: generate the key.
 13. The systemof claim 12, wherein the first network node is further configured to:validate the work token received from the second network node.
 14. Thesystem of claim 12, wherein the key is a Diffie-Hellman key.
 15. Thesystem of claim 12, wherein the first network node is further configuredto: cache the key.
 16. A secure communication system, comprising: afirst network node, configured to establish a secure communication linkfor receiving packets from a second network node, by: receiving from thesecond network node a work token and a time stamp, the work tokenincluding a work token validity interval that defines a period of timethat the work token is valid, the time stamp corresponding to a timethat the work token was computed; determining whether the work token hasexpired based on the time stamp, the work token validity interval, and acurrent time; generating a key; when the work token has not expired,providing the key to the second network node; and determine which ofonly one of the first network node and the second network node is toapply an encryption method to packets sent over the communication link,wherein the work token and the time stamp are received as part of afirst link setup packet, and wherein the first network node transmitsthe key as part of a second link setup packet.
 17. A securecommunication system comprising: a first network node; and a secondnetwork node; wherein the first network node is configured to: establisha secure communication link for sending packets to the second networknode; compute a work token, the work token including at least a worktoken validity interval that defines a period of time that the worktoken is valid, wherein the work token validity interval is at leastequal to a hello interval and is less than an acknowledgement interval;and communicate the work token and a time stamp from the first networknode to the second network node, wherein the time stamp corresponds to atime that the work token was computed; wherein the second network nodeis configured to: receive from the first network node the work token andthe time stamp; determine whether the work token has expired based onthe time stamp, the work token validity interval, and a current time;and when the work token has not expired, transmit to the first networknode a key generated by the second network node.
 18. The system of claim17, wherein the first network node is configured to transmit to thesecond network node a first link setup packet that includes the worktoken and the time stamp; and wherein the second network node isconfigured to transmit to the first network node a second link setuppacket that includes the key generated by the second network node. 19.The system of claim 17, wherein the first network node is furtherconfigured to: determine whether the work token period has expired basedon a current time, the time that the work token was computed, and thework token validity interval; and if the work token has expired, computea new work token prior to communicating a new link setup packet to thesecond network node.
 20. A secure communication system comprising: afirst network node that is configured to establish a securecommunication link for sending packets to a second network node by:computing a work token, the work token including at least a work tokenvalidity interval that defines a period of time that the work token isvalid, and communicating from the first network node to the secondnetwork node the work token and a time stamp corresponding to a timethat the work token was computed, wherein the first network node isfurther configured to determine which of only one of the first networknode and the second network node is to apply an encryption method topackets sent over the communication link.
 21. A secure communicationsystem comprising: a first network node, configured to establish asecure communication link for receiving packets from a second networknode, by: receiving from the second network node a work token and a timestamp, the work token including a work token validity interval thatdefines a period of time that the work token is valid, the time stampcorresponding to a time that the work token was computed; determiningwhether the work token has expired based on the time stamp, the worktoken validity interval, and a current time; and when the work token hasnot expired, providing to the second network node a key, wherein thefirst network node is further configured to determine which of only oneof the first network node and the second network node is to apply anencryption method to packets sent over the communication link.
 22. Asecure communication system comprising: a first network node, and asecond network node, wherein the first network node is configured to:establish a secure communication link for sending packets to the secondnetwork node; determine which of only one of the first network node andthe second network node is to apply an encryption method to packets sentover the communication link; compute a work token, the work tokenincluding at least a work token validity interval that defines a periodof time that the work token is valid; and communicate the work token anda time stamp from the first network node to the second network node,wherein the time stamp corresponds to a time that the work token wascomputed; wherein the second network node is configured to: receive fromthe first network node the work token and the time stamp; determinewhether the work token has expired based on the time stamp, the worktoken validity interval, and a current time; and when the work token hasnot expired, transmit to the first network node a key generated by thesecond network node.